Overview

overview

10

Static

static

8

9b82aa17d4...05.exe

windows7-x64

10

9b82aa17d4...05.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2022 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905.exe

  • Size

    337KB

  • MD5

    4f8e31356bf04b080c5ba8e47756c50f

  • SHA1

    3b5eb07249e213865f1f0f4e779b2db126346c2b

  • SHA256

    9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905

  • SHA512

    2c93d7ffad05bea58635a2445aab9b2a5d050b41c7c940bf74a066b2f4db8e4ecda110c7145a7b7de98904b40f3e8251d9a142cc1aaf4308c653aec26759a71f

Score
10/10
darkcometramnitguest16bankerevasionpersistenceratspywarestealertrojanupxworm

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

globalgarus.bounceme.net:5552

Mutex

DC_MUTEX-1A53RNC

Attributes
  • InstallPath

    MSDCSC\testinform.exe

  • gencode

    qQc4wjtBrTS4

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies firewall policy service 2 TTPs 3 IoCs
    evasion
  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Windows security bypass 2 TTPs 2 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Executes dropped EXE 5 IoCs
  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of UnmapMainImage 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905.exe
    "C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905Srv.exe
      C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:672
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:780
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:780 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1180
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:780 CREDAT:275460 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1096
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905.exe" +s +h
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1828
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905.exe" +s +h
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:1228
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Windows\SysWOW64\attrib.exe
        attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
        3⤵
        • Sets file to hidden
        • Views/modifies file attributes
        PID:304
    • C:\Windows\SysWOW64\notepad.exe
      notepad
      2⤵
      • Deletes itself
      PID:1016
    • C:\Users\Admin\Documents\MSDCSC\testinform.exe
      "C:\Users\Admin\Documents\MSDCSC\testinform.exe"
      2⤵
      • Modifies firewall policy service
      • Modifies security service
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Loads dropped DLL
      • Windows security modification
      • Adds Run key to start application
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1232
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
          PID:964
        • C:\Windows\SysWOW64\notepad.exe
          notepad
          3⤵
            PID:1932
          • C:\Windows\explorer.exe
            "C:\Windows\explorer.exe"
            3⤵
              PID:572
            • C:\Users\Admin\Documents\MSDCSC\testinformSrv.exe
              C:\Users\Admin\Documents\MSDCSC\testinformSrv.exe
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious use of UnmapMainImage
              PID:1632
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          1⤵
            PID:992
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
            1⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of UnmapMainImage
            PID:568

          Network

          MITRE ATT&CK Matrix ATT&CK v6

          Initial Access

          Execution

          Persistence

          Winlogon Helper DLL

          1
          T1004

          Modify Existing Service

          2
          T1031

          Hidden Files and Directories

          2
          T1158

          Registry Run Keys / Startup Folder

          1
          T1060

          Privilege Escalation

          Defense Evasion

          Modify Registry

          8
          T1112

          Disabling Security Tools

          2
          T1089

          Hidden Files and Directories

          2
          T1158

          Credential Access

          Discovery

          System Information Discovery

          1
          T1082

          Lateral Movement

          Collection

          Exfiltration

          Command and Control

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905Srv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905Srv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4HJASGX7.txt
            Filesize

            608B

            MD5

            1cb75d3c341377889795ea4c93a07929

            SHA1

            b8fb6a4211136aa6b77614209f167f5c4836b035

            SHA256

            d3c831f1d1d3fa55106032f8550781729e1ccb78738c1b24e843af34a98c37cf

            SHA512

            35736ab6b43281b2e84f49703cc2055d2a3750b6318912e1115bece206c59dfabdfc16b1a622e166c489469bf27c7c8821c71fe38b443c891cacdc5e887876a0

            Download Submit
          • C:\Users\Admin\Documents\MSDCSC\testinform.exe
            Filesize

            337KB

            MD5

            4f8e31356bf04b080c5ba8e47756c50f

            SHA1

            3b5eb07249e213865f1f0f4e779b2db126346c2b

            SHA256

            9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905

            SHA512

            2c93d7ffad05bea58635a2445aab9b2a5d050b41c7c940bf74a066b2f4db8e4ecda110c7145a7b7de98904b40f3e8251d9a142cc1aaf4308c653aec26759a71f

            Download Submit
          • C:\Users\Admin\Documents\MSDCSC\testinform.exe
            Filesize

            337KB

            MD5

            4f8e31356bf04b080c5ba8e47756c50f

            SHA1

            3b5eb07249e213865f1f0f4e779b2db126346c2b

            SHA256

            9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905

            SHA512

            2c93d7ffad05bea58635a2445aab9b2a5d050b41c7c940bf74a066b2f4db8e4ecda110c7145a7b7de98904b40f3e8251d9a142cc1aaf4308c653aec26759a71f

            Download Submit
          • C:\Users\Admin\Documents\MSDCSC\testinformSrv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • C:\Users\Admin\Documents\MSDCSC\testinformSrv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Program Files (x86)\Microsoft\DesktopLayer.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905Srv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Users\Admin\AppData\Local\Temp\9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905Srv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Users\Admin\Documents\MSDCSC\testinform.exe
            Filesize

            337KB

            MD5

            4f8e31356bf04b080c5ba8e47756c50f

            SHA1

            3b5eb07249e213865f1f0f4e779b2db126346c2b

            SHA256

            9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905

            SHA512

            2c93d7ffad05bea58635a2445aab9b2a5d050b41c7c940bf74a066b2f4db8e4ecda110c7145a7b7de98904b40f3e8251d9a142cc1aaf4308c653aec26759a71f

            Download Submit
          • \Users\Admin\Documents\MSDCSC\testinform.exe
            Filesize

            337KB

            MD5

            4f8e31356bf04b080c5ba8e47756c50f

            SHA1

            3b5eb07249e213865f1f0f4e779b2db126346c2b

            SHA256

            9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905

            SHA512

            2c93d7ffad05bea58635a2445aab9b2a5d050b41c7c940bf74a066b2f4db8e4ecda110c7145a7b7de98904b40f3e8251d9a142cc1aaf4308c653aec26759a71f

            Download Submit
          • \Users\Admin\Documents\MSDCSC\testinformSrv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • \Users\Admin\Documents\MSDCSC\testinformSrv.exe
            Filesize

            52KB

            MD5

            17efb7e40d4cadaf3a4369435a8772ec

            SHA1

            eb9302063ac2ab599ae93aaa1e45b88bbeacbca2

            SHA256

            f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386

            SHA512

            522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450

            Download Submit
          • memory/304-72-0x0000000000000000-mapping.dmp
            Download
          • memory/568-93-0x0000000000000000-mapping.dmp
            Download
          • memory/672-68-0x0000000000400000-0x0000000000413000-memory.dmp
            Filesize

            76KB

            Download
          • memory/672-63-0x0000000000000000-mapping.dmp
            Download
          • memory/852-70-0x0000000000000000-mapping.dmp
            Download
          • memory/1016-73-0x0000000000000000-mapping.dmp
            Download
          • memory/1228-71-0x0000000000000000-mapping.dmp
            Download
          • memory/1232-79-0x0000000000000000-mapping.dmp
            Download
          • memory/1232-101-0x0000000000240000-0x0000000000253000-memory.dmp
            Filesize

            76KB

            Download
          • memory/1232-102-0x0000000000400000-0x00000000004D5000-memory.dmp
            Filesize

            852KB

            Download
          • memory/1232-100-0x0000000000400000-0x00000000004D5000-memory.dmp
            Filesize

            852KB

            Download
          • memory/1632-95-0x0000000000400000-0x0000000000413000-memory.dmp
            Filesize

            76KB

            Download
          • memory/1632-84-0x0000000000000000-mapping.dmp
            Download
          • memory/1648-57-0x0000000000000000-mapping.dmp
            Download
          • memory/1648-64-0x0000000000400000-0x0000000000413000-memory.dmp
            Filesize

            76KB

            Download
          • memory/1648-59-0x0000000000400000-0x0000000000413000-memory.dmp
            Filesize

            76KB

            Download
          • memory/1828-69-0x0000000000000000-mapping.dmp
            Download
          • memory/1932-88-0x0000000000000000-mapping.dmp
            Download
          • memory/1968-75-0x0000000000400000-0x00000000004D5000-memory.dmp
            Filesize

            852KB

            Download
          • memory/1968-99-0x0000000003AC0000-0x0000000003B95000-memory.dmp
            Filesize

            852KB

            Download
          • memory/1968-98-0x0000000003AC0000-0x0000000003B95000-memory.dmp
            Filesize

            852KB

            Download
          • memory/1968-76-0x00000000001D0000-0x00000000001E3000-memory.dmp
            Filesize

            76KB

            Download
          • memory/1968-54-0x0000000075851000-0x0000000075853000-memory.dmp
            Filesize

            8KB

            Download